<?php
if ($do === 'updatePassword') {
	//now we look for user info in the users database
	$UserInfo = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id`='".$U_['id']."' "));
	//this is how we make the password special (ie, harder to read)
	$old_encrypted_password = (md5(strtolower(trim($UserInfo['username'])).strtolower(trim($_POST['old_password']))));
	$new_encrypted_password = (md5(strtolower(trim($UserInfo['username'])).strtolower(trim($_POST['password']))));
	//we should make sure the user knows their old password (to confirm that it was in fact the right user) before we let them change to a new one...
	if ($UserInfo['password'] !== $old_encrypted_password) {
		echo('<span class="alert">The password you entered was incorrect.  Please try again.</span><br />');
	} elseif ($_POST['password'] != $_POST['password_confirm']) {
		echo('<span class="alert">Sorry, try again.  Your passwords did not match.</span><br />');
	}   else {  
	   mysql_query("UPDATE `users` SET `password`='".$new_encrypted_password."' WHERE `id`='".$U_['id']."' ");
		echo('<span class="success">Your password was successfully changed</span><br />');
    }
}
?>	
<form name="userchangepassword" action="<?=$_SERVER['PHP_SELF']?>" method="post">
Old/Current Password: <input type="password" name="old_password" autocomplete="off" /><br />
New Password: <input type="password" name="password" autocomplete="off" /><br /> 
Confirm New Password: <input type="password" name="password_confirm" autocomplete="off" /> <br />

<input type="hidden" name="mode" value="userchangepassword" />
<input type="hidden" name="do" value="updatePassword" />
<input type="hidden" name="cat" value="<?=$cat?>" />

<input type="submit" value="Change Password" /><input type="reset" value="Cancel" />
</form>